Let's start by clearing up a misconception: what Vault isn't! It is not a backup tool. In other words, Vault isn't designed to quickly restore accidentally deleted folders to a user's inbox. It's an archive, not a recovery tool for everyday use. (For that, we highly recommend CLOUDMEN restore or Afi Cloud BackUp!)
So what is it then? Google Vault is essentially the digital vault and time machine for Google Workspace. It's an e-discovery and archiving tool that allows your organization to store, search, and export data for legal or compliance purposes.
Vault acts as a management layer on top of the standard Google Workspace apps (such as Gmail, Drive, and Chat). Its key features include:
- Retention: You can set rules that determine how long data is retained. Even if an employee deletes an email, it remains in the "vault" for the duration of the retention period. (This is different from the trash folder, which retains data for 30 days by default.)
- Archiving: Data is stored securely even if users leave the organization (provided the license is managed correctly).
- E-discovery: Administrators can quickly search across all data across the entire enterprise based on keywords, dates, or specific users.
- Legal Hold: If you become embroiled in a lawsuit with a (former) employee, you can place a hold on specific accounts. This means their data cannot be deleted, no matter what happens.
Vault administrators have access to highly sensitive actions, including the ability to search for and export specific sensitive user data or large amounts of data across an entire domain. Therefore, Google recently introduced multi-party approval (MPA) for Vault. Two individual administrators must grant each other permission to perform certain actions, such as creating exports from Vault.
Multi-party approval adds an extra layer of security to these sensitive actions, preventing unauthorized or unintended changes on a large scale. This dual-authorization mechanism significantly reduces the risk of unauthorized or malicious actions, such as attempts to steal confidential information or delete data.
Note: Access to Vault is license-dependent. Vault is included with Google Workspace Business Plus, Enterprise and Education plans. If you are using a lower subscription like Business Starter or Standard, you can order it separately.
